lokibot | 2ec0872bb8cf5985b8bc64c1d15e6710f2c42a609682cd43fb52254fdb778d58 | Triage

Submit
Reports

Overview

overview

Static

static

FACTURAS.EXE

windows7_x64

Sharing

General

Target

2ec0872bb8cf5985b8bc64c1d15e6710f2c42a609682cd43fb52254fdb778d58
Size

1.2MB
Sample

210624-jdtkgl1tya
MD5

3c9a8dad5221e0cc3755e252811a722e
SHA1

407edc8a0289a72326006013eafe663cbad12bb1
SHA256

2ec0872bb8cf5985b8bc64c1d15e6710f2c42a609682cd43fb52254fdb778d58
SHA512

fc496808fc20720fef1662685dab5862cb9092b38d2a88f4749b7e6502d22b0840b9c6280a20ae1ba312ce7aa37bb993d5dfc00b3453b1ed59415bd69cfb7b3a

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

FACTURAS.EXE

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/209hwrrIygNFO

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  FACTURAS.EXE
- Size
  
  743KB
- MD5
  
  dec50d35699429ddcba5874277455f92
- SHA1
  
  a3b0ec9a1df69019bcc31557475b94b9cc2e39a2
- SHA256
  
  0fb28c106093876aa073dc06d84fdf14c4d01f655e5a5c78e377f60321fa7665
- SHA512
  
  11dd4e61b7141798e166b985674bcbfd0294b38c081a2667305f8d46fc9c2a7d031d228cf5ba3c7c8698c92d6a349b862b4d1e386ac746bcd00c9ebe47bce9be
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

© 2018-2024

Terms | Privacy